Created
August 29, 2017 10:20
-
-
Save luvpreetsingh/a863ad26a2423b5a7dde755949b9a5e9 to your computer and use it in GitHub Desktop.
Rsyslog Config file to send nginx logs to elasticsearch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # only sending nginx logs. So, use the programname filter. | |
| template(name="all-json" | |
| type="list"){ | |
| property(name="$!all-json") | |
| } | |
| if $programname == "nginx" then { | |
| action(type="mmnormalize" | |
| rulebase="/opt/rsyslog/nginx-logs.rb" | |
| ) | |
| # store the rule for matching the logs in /opt/rsyslog/nginx-logs.rb file | |
| # exclude the queue parameters if you dont want to use them. | |
| action(type="omelasticsearch" | |
| template="all-json" | |
| searchIndex="testing-logs" | |
| searchType="logs" | |
| server="127.0.0.1" | |
| serverport="9200" | |
| uid="user" | |
| pwd="pass" | |
| bulkmode="on" | |
| action.resumeretrycount="-1" | |
| queue.type="LinkedList" | |
| queue.highwatermark="40000" | |
| queue.spoolDirectory="/var/spool/rsyslog/queues" | |
| queue.filename="rsyslog-testing-logs" | |
| queue.lowwatermark="5000" | |
| queue.maxdiskspace="100m" | |
| queue.size="50000" | |
| queue.dequeuebatchsize="1000" | |
| queue.saveonshutdown="on" | |
| ) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment